Why BCryptPasswordEncoder from Spring generate different outputs for same input?

Question

I am using BCryptPasswordEncoder with Spring security. My expectation was that for the same input I will always get the same output. But for the same input I get different o

Answer 1

That is perfectly normal because BCryptPasswordEncoder uses a salt to generate the password. You can read about the idea behind "salting" a password here and here.

This is what the documentation says for the encode method

Encode the raw password. Generally, a good encoding algorithm applies a SHA-1 or greater hash combined with an 8-byte or greater randomly generated salt.